What is claimed is: 



1. A method of authenticating the identity of a user to determine access to
a system, comprising:

providing a plurality of factor-based data instances corresponding to a
user;

evaluating the factor-based data instances to determine if the user's
identity is authenticated;

restricting the user's access to the system if the user's identity is not
authenticated; and

granting the user's access to the system if the user's identity is
authenticated.

2. The method of claim 1, further comprising providing an authentication
value, based on the evaluation determination.

3. The method of claim 1, wherein restricting the user's access includes
denying the user's access.

4. The method of claim 1, wherein the factor-based data instances
include a knowledge-based data instance.

5. The method of claim 1, wherein the factor-based data instances
include a possession-based data instance.

6. The method of claim 1, wherein the factor-based data instances
include a biometric-based data instance.

7. A method of authenticating the identity of a user to determine access to
a system, comprising:

providing a plurality of factor-based data instances corresponding to a
user, including at least one modified data instance based on a second data
instance of the plurality of factor-based data instances;

generating a key based on a first data instance of the plurality of
factor-based data instances;

applying the key to the at least one modified data instance to generate a
recovered data instance;

interrogating the recovered data instance against the second data
instance to generate an authentication value as a result of a correspondence
evaluation;

restricting the user's access to the system based at least in part on an
invalid authentication value; and

granting the user's access to the system based at least in part on a valid
authentication value.

8. The method of claim 7, wherein the authentication value is a first
authentication value, the method further comprising combining the first
authentication value with at least one other authentication value, to generate a
combined authentication value.

9. The method of claim 7, wherein restricting the user's access includes 
denying the user's access. 

10. The method of claim 7, wherein the factor-based data instances
include a knowledge-based data instance.

11. The method of claim 7, wherein the factor-based data instances
include a possession-based data instance. 

12. The method of claim 7, wherein the factor-based data instances 
include a biometric-based data instance. 

13. A method of authenticating the identity of a user to determine access
to a system, comprising:

providing a possession-based data instance, a modified version of the
possession-based data instance, a knowledge-based data instance, a
biometric-based data instance, and a modified version of the biometric-based data
instance;

generating a key based on the knowledge-based data instance;

applying the key to the modified version of the possession-based data
instance to generate a first recovered data instance;

interrogating the first recovered data instance against the
possession-based data instance to generate a possession value as a result of a first
correspondence evaluation;

applying the key to the modified version of the biometric-based data
instance to generate a second recovered data instance;

interrogating the second recovered data instance against the
biometric-based data instance to generate a biometric value as a result of a second
correspondence evaluation;

combining the key, the possession value, and the biometric value to form
an authentication value;

restricting the user's access to the system if the user's identity is not
authenticated, based at least in part on the authentication value; and

granting the user's access to the system if the user's identity is
authenticated, based at least in part on the authentication value.

14. The method of claim 13, wherein restricting the user's access
includes denying the user's access.



15. The method of claim 13, wherein the modified version of the
biometric-based data instance is a first modified version of the biometric-based
data instance, and the biometric value is a second modified version of the
biometric-based data instance.

16. The method of claim 15, wherein the biometric value is a
cryptographic hash of the biometric-based data instance.

17. The method of claim 13, wherein restricting the user's access to the
system and granting the user's access to the system is based on a modified
version of the authentication value.

18. The method of claim 17, wherein the modified version of the
authentication value is a cryptographic hash of the authentication value.
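
The flow recited in claims 13 to 18, as an added Python example that is not part of the claims or of any implementation by the applicant. It assumes that "modified version" means encrypted under the key, uses an HMAC-SHA256 keystream as a stand-in cipher, matches the biometric as exact bytes, and uses constructed names and sample values throughout.

```python
import hashlib
import hmac

def derive_key(pin: str, salt: bytes) -> bytes:
    # Claim 13: key generated from the knowledge-based data instance.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def apply_key(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumed stand-in cipher: XOR with an HMAC-SHA256 keystream. The same
    # call modifies and recovers; label keeps the two keystreams distinct.
    stream = b"".join(
        hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def interrogate(recovered: bytes, presented: bytes):
    # Correspondence evaluation; on a match the value is a hash of the
    # data instance (claim 16), otherwise there is no value.
    if hmac.compare_digest(recovered, presented):
        return hashlib.sha256(presented).digest()
    return None

def authentication_value(pin, salt, token, mod_token, bio, mod_bio):
    key = derive_key(pin, salt)
    pv = interrogate(apply_key(key, b"possession", mod_token), token)
    bv = interrogate(apply_key(key, b"biometric", mod_bio), bio)
    if pv is None or bv is None:
        return None
    # Combine key, possession value and biometric value, then hash (claim 18).
    return hashlib.sha256(key + pv + bv).hexdigest()

# Constructed enrollment data (hypothetical values).
SALT = b"constructed-salt"
TOKEN = b"token-serial-0001"
BIO = b"constructed biometric template bytes, longer than one block"
_key = derive_key("4921", SALT)
MOD_TOKEN = apply_key(_key, b"possession", TOKEN)
MOD_BIO = apply_key(_key, b"biometric", BIO)
ENROLLED = authentication_value("4921", SALT, TOKEN, MOD_TOKEN, BIO, MOD_BIO)

def grant_access(pin: str, token: bytes, bio: bytes) -> bool:
    # Grant only if the recomputed value equals the enrolled reference.
    value = authentication_value(pin, SALT, token, MOD_TOKEN, bio, MOD_BIO)
    return value is not None and hmac.compare_digest(value, ENROLLED)
```

Because the key comes only from the knowledge factor, a wrong PIN fails both correspondence evaluations at once, and the verifier needs to keep only the hashed reference value.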



19. A method of authenticating the identity of a user to determine access
to a system, comprising:

providing a possession-based data instance, a stored biometric-based
data instance, and a read biometric-based data instance;

interrogating the stored biometric-based data instance against the read
biometric-based data instance to generate a biometric value as a result of a
correspondence evaluation;

combining the possession-based data instance and the biometric value to
form an authentication value;

evaluating the authentication value to determine if the user's identity is
authenticated;

restricting the user's access to the system if the user's identity is not
authenticated, based at least in part on the authentication value; and

granting the user's access to the system if the user's identity is
authenticated, based at least in part on the authentication value.

20. The method of claim 19, wherein restricting the user's access
includes denying the user's access.

21. The method of claim 19, wherein the biometric value is a modified
version of the biometric-based data instance.

22. The method of claim 21, wherein the biometric value is a
cryptographic hash of the biometric-based data instance.

23. The method of claim 19, wherein restricting the user's access to the
system and granting the user's access to the system is based on a modified
version of the authentication value.

24. The method of claim 23, wherein the modified version of the
authentication value is a cryptographic hash of the authentication value.


25. A method of authenticating the identity of a user to determine access
to a system, comprising:

providing a possession-based data instance, a biometric-based data
instance, and a modified version of the biometric-based data instance;

applying the possession-based data instance to the modified version of
the biometric-based data instance to generate a recovered data instance;

interrogating the recovered data instance against the biometric-based data
instance to generate a biometric value as a result of a correspondence
evaluation;

combining the possession-based data instance and the biometric value to
form an authentication value;

evaluating the authentication value to determine if the user's identity is
authenticated;

restricting the user's access to the system if the user's identity is not
authenticated, based at least in part on the authentication value; and

granting the user's access to the system if the user's identity is
authenticated, based at least in part on the authentication value.

26. The method of claim 25, wherein restricting the user's access
includes denying the user's access.

27. The method of claim 25, wherein the modified version of the
biometric-based data instance is a first modified version of the biometric-based
data instance, and the biometric value is a second modified version of the
biometric-based data instance.

28. The method of claim 27, wherein the biometric value is a
cryptographic hash of the biometric-based data instance.

29. The method of claim 25, wherein restricting the user's access to the
system and granting the user's access to the system is based on a modified
version of the authentication value.

30. The method of claim 29, wherein the modified version of the
authentication value is a cryptographic hash of the authentication value.